US12314430B1ActiveUtility

System and methods for protecting user privacy and providing secure access to user data

91
Assignee: DHARDT RD LLCPriority: Jun 9, 2021Filed: Jun 1, 2022Granted: May 27, 2025
Est. expiryJun 9, 2041(~14.9 yrs left)· nominal 20-yr term from priority
Inventors:Dick C. Hardt
G06F 21/6245G06F 21/6227G06F 21/602
91
PatentIndex Score
9
Cited by
12
References
15
Claims

Abstract

Systems, devices, apparatuses, and methods for more effectively protecting a user's private data and information regarding their browsing and other on-line activities. Embodiments remove constraints on an application developer by not requiring them to specify an authentication service provider as part of their application, and instead permit a user to make that choice in a protected and anonymous manner.

Claims

exact text as granted — not AI-modified
That which is claimed is: 
     
       1. A system, comprising:
 one or more processors or servers; 
 a set of computer-executable instructions stored on a non-transitory computer-readable medium, that when executed by the one or mor more processors or servers provides a set of services to a user, the services providing the user with access to an application and protection of the user's data; and 
 the set of services, wherein the set of services further comprises
 an orchestration service operable to interact with a user, one or more applications the user is using, and one or more providers of services processing claims about the user, the orchestration service operable to perform processing and distribution of the claim about the user to one or more services of the set of services, and wherein the orchestration service operates to receive requests from an application, make requests of providers, receive claims from providers, obtain consent from users, and transfer results signed by a token service back to the application, the orchestration service operating in accordance with a protocol; 
 a token service coupled to the orchestration service and operable to receive requests from the orchestration service to create and sign records, create and sign storage access tokens, create tokens for external parties, and verify that orchestration service operations comply with the protocol; 
 an encryption service coupled to the orchestration service and operable to generate a unique record encryption key for each record provided by the orchestration service, and which operates to encrypt the record key with a master key, encrypts each record coming from the orchestration service, and decrypts each record going to the orchestration service; and 
 a storage service coupled to the encryption service and operable to perform record management operations including create, read, update, and delete on a record stored in a database in the storage service based on authorization instructions in a storage access token signed by the token service, wherein each of the orchestration, token, encryption, and storage services is operated by an entity that is independent of the entity operating a different one of the services, and wherein each of the orchestration, token, encryption, and storage services is implemented as a separate multi-tenant platform. 
 
 
     
     
       2. The system of  claim 1 , wherein each of the orchestration, token, encryption, and storage services is operated by an entity located in an independent jurisdiction. 
     
     
       3. The system of  claim 2 , wherein each of the independent jurisdictions does not have a data sharing agreement with another of the independent jurisdictions. 
     
     
       4. The system of  claim 1 , wherein the claim about the user is a statement regarding a characteristic of the user or the user's interactions with the application. 
     
     
       5. The system of  claim 1 , wherein each of the orchestration, token, encryption, and storage services are configured to be unable to access user data without the assistance of at least one other of the services. 
     
     
       6. The system of  claim 1 , wherein the orchestration service is operable to permit a user to identify a delegate who is authorized to access to the user's account if the user becomes incapacitated. 
     
     
       7. A system, comprising:
 one or more electronic processors configured to execute a set of computer-executable instructions; and 
 the set of computer-executable instructions, wherein when executed, the instructions cause the one or more electronic processors to implement and operate 
 an orchestration service operable to interact with a user, one or more applications the user is using, and one or more providers of services processing claims about the user, the orchestration service operable to perform processing and distribution of the claim about the user to one or more services that are part of the system, and wherein the orchestration service operates to receive requests from an application, make requests of providers, receive claims from providers, obtain consent from users, and transfer results signed by a token service back to the application, the orchestration service operating in accordance with a protocol; 
 a token service coupled to the orchestration service and operable to receive requests from the orchestration service to create and sign records, create and sign storage access tokens, create tokens for external parties, and verify that orchestration service operations comply with the protocol; 
 an encryption service coupled to the orchestration service and operable to generate a unique record encryption key for each record provided by the orchestration service, and which operates to encrypt the record key with a master key, encrypts each record coming from the orchestration service, and decrypts each record going to the orchestration service; and 
 a storage service coupled to the encryption service and operable to perform record management operations including create, read, update, and delete on a record stored in a database in the storage service based on authorization instructions in a storage access token signed by the token service, wherein each of the orchestration, token, encryption, and storage services is operated by an entity that is independent of the entity operating a different one of the services, and wherein each of the orchestration, token, encryption, and storage services is implemented as a separate multi-tenant platform. 
 
     
     
       8. The system of  claim 7 , wherein each of the orchestration, token, encryption, and storage services is operated by an entity located in an independent jurisdiction. 
     
     
       9. The system of  claim 8 , wherein each of the independent jurisdictions does not have a data sharing agreement with another of the independent jurisdictions. 
     
     
       10. The system of  claim 7 , wherein the claim about the user is a statement regarding a characteristic of the user or the user's interactions with the application. 
     
     
       11. The system of  claim 7 , wherein each of the orchestration, token, encryption, and storage services are configured to be unable to access user data without the assistance of at least one other of the services. 
     
     
       12. The system of  claim 7 , wherein the orchestration service is operable to permit a user to identify a delegate who is authorized to access to the user's account if the user becomes incapacitated. 
     
     
       13. A set of computer-executable instructions that when executed by one or more programmed electronic processors, cause the processors to implement and operate:
 an orchestration service operable to interact with a user, one or more applications the user is using, and one or more providers of services processing claims about the user, the orchestration service operable to perform processing and distribution of the claim about the user to other services of the system, and wherein the orchestration service operates to receive requests from an application, make requests of providers, receive claims from providers, obtain consent from users, and transfer results signed by a token service back to the application, the orchestration service operating in accordance with a protocol; 
 a token service coupled to the orchestration service and operable to receive requests from the orchestration service to create and sign records, create and sign storage access tokens, create tokens for external parties, and verify that orchestration service operations comply with the protocol; 
 an encryption service coupled to the orchestration service and operable to generate a unique record encryption key for each record provided by the orchestration service, and which operates to encrypt the record key with a master key, encrypts each record coming from the orchestration service, and decrypts each record going to the orchestration service; and 
 a storage service coupled to the encryption service and operable to perform record management operations including create, read, update, and delete on a record stored in a database in the storage service based on authorization instructions in a storage access token signed by the token service, wherein each of the orchestration, token, encryption, and storage services is operated by an entity that is independent of the entity operating a different one of the services, and wherein each of the orchestration, token, encryption, and storage services is implemented as a separate multi-tenant platform. 
 
     
     
       14. The set of computer-executable instructions of  claim 13 , wherein each of the orchestration, token, encryption, and storage services is operated by an entity located in an independent jurisdiction, and further wherein each of the independent jurisdictions does not have a data sharing agreement with another of the independent jurisdictions. 
     
     
       15. The set of computer-executable instructions of  claim 13 , wherein the claim about the user is a statement regarding a characteristic of the user or the user's interactions with the application, and further, wherein each of the orchestration, token, encryption, and storage services are configured to be unable to access user data without the assistance of at least one other of the services.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.